Data is choking the classic internet, expanding exponentially and clogging networks, making the promise of the 5G network alluring.

What is a 5G network? Funnily enough, it’s the fifth generation of broadband cellular or wireless networks, proven to be inherently more efficient and faster at handling ever-growing connections and users. While super-fast 5G connections currently exist mainly in a few major metropolitan areas, 5G is expected to expand nationwide within the next few years.

With its ability to connect tens of billions of new devices and evolve with future communications technologies, 5G is no doubt the wave of the future. But the same speed and bandwidth promises apply to the bad guys, too, introducing new opportunities for high-speed hackers to emerge.

And chief information security officers (CISOs) sense there’s trouble brewing: Nearly 73% rated their security concern as medium-high to high in an AT&T study.

There’s one technology field that will likely change the security landscape: quantum computing.

While a true, fiber-backed quantum internet that securely connects governments and corporations is admittedly years away, the U.S. Department of Energy and its partners are committed to its development, a move that could propel the United States to the front of the global quantum race.

Until then, CISOs can take advantage of quantum technologies and the existing fiber network in the United States today to gain immediate protection for 5G networks and the legacy enterprise applications they are tapping into.

Let’s talk about fiber first.

The simple fact is that beneath every wireless network there’s a hard-wired, fiber-optic network backbone. In the United States today, we have a growing fiber network across the country that spans more than 4 million route miles.

Quantum cryptography also requires fiber cables to send photons of light from one point to another, and once sent, quantum-secured data is virtually unhackable. By installing quantum technology like QKD at key “hub” locations throughout the fiber network that underpins 5G, data trafficked on the 5G network could be protected.

QKD, or quantum key distribution, is a method of communication that allows two parties to create a shared random “key” that is known only to them. This key can be used to encrypt and decrypt messages.

Interestingly, China is unintentionally helping to spur quantum security adoption. Wireless network technology from Huawei is being ripped and replaced because of fears the Chinese government may potentially use it to gather data and competitive intelligence. This action is giving U.S. and other network managers the opportunity to combine traditional, mathematical security algorithms and the physical protection afforded by QKD encryption as an important near-term solution to data security.

Quantum security should be considered as an element of any forward-looking CISO’s game plan. Unfortunately, much of today’s existing security processes have one major point of failure: people.

Did you know that the Colonial Pipeline hackers got in through a single password that allowed employees to remotely access the company’s computer network through a virtual private network (VPN) account? An employee account that was no longer in use and that did not use multifactor authentication was used to take down the largest fuel pipeline in the United States, according to Bloomberg (paywall).

The fact is, good security hygiene is a great place to start to build a strong, security-first foundation that will enable you to take advantage of 5G and be primed for the quantum internet. Best practices like enabling two-factor authentication and employee education on cybersecurity efforts are essential for businesses today.

We were lucky the Colonial Pipeline hackers were satisfied to get a monetary ransom, which was in fact eventually recovered by U.S. law enforcement. We face real trouble when the next cybercriminal just wants to create chaos.

Two major federal organizations are working toward developing real-world applications of quantum computing. But they are working at opposite ends of the optical fiber, as it were, and this disconnect could reverberate down the line for how quickly and effectively businesses can take advantage of quantum speed and security.

Unlike traditional bits- and bytes-based computing, quantum computers use the physics of light and quantum mechanics to compute at speeds that dwarf the fastest traditional computer.

Why is this critical? Because as the size and scale of data grow (think big data, growing exponentially every day), governments and companies need computers that can work with the scope of the data to create actionable analytics.

But with great processing power comes the need for a major upgrade in security. When using traditional computer security techniques based on mathematical algorithms, you are waging a battle against time. A hacker can harvest encrypted data today, store the data and the encryption key transmitted with that data and wait until a quantum computer is available that can quickly break the encryption key.

With quantum computers, security is double-pronged. On one hand, a bad actor deploying a quantum computer can break a mathematical encryption much, much faster. On the other hand, quantum-based encryption using encoded photons as encryption key material is virtually unbreakable, even by a quantum computer.

Two Opposing Quantum Viewpoints?

The National Science Foundation, under the auspices of the Department of Energy, has gone all-in on , combining millions in private and public monies to bring together a collaborative team of scientists and engineers. You could say they are dealing with the head of the quantum

“snake,” working on applications of quantum technologies for computing, networking, security and materials development.

On the other hand, the , in coordination with the National Security Agency (NSA), is focused on anointing post-quantum cryptography (PQC) or quantum-resistant mathematical algorithms to be selected as the standard for quantum-based cryptography. This process has been playing out in public since 2017 and is not expected to conclude with a new standard until 2022 or 2023. The queasy feeling in your stomach is the realization that China will have as many as six years to break the new standard before it even sees the light of day.

The conflict between NIST’s all-or-nothing approach is that we know quantum computers have the heft and processing speeds to break even once-unbreakable mathematical encryption. We need only look to the recent past when Peter Shor in 1994 and Lov Grover in 1996 developed algorithms to make our current encryption less secure. Can we count on no other brilliant mathematician emerging on the scene with a new algorithm that cuts into the lifetime of the anointed PQC algorithm The question isn’t whether NIST’s standard will be violated, but when.

There is one , in particular, that NSA and NIST have eschewed: quantum key distribution (QKD). QKD is a method of communication that allows two parties to create a shared random “key” that is known only to them. This key can be used to encrypt and decrypt messages.

With their focus on math instead of physics, NIST researchers have laid out five reasons QKD is a nonstarter. Based on my 30-plus years of experience working in security technology and quantum science., I call these the:

Five Myths Of QKD

1. “QKD is only a partial solution.” This asserts that QKD keys cannot be authenticated from their source. This is false. QKD systems authenticate at both ends of the exchange assuring that the original transmission comes from the desired entity, thereby securing the communication seamlessly.

2. “QKD requires special purpose equipment.” This is believed because QKD requires fiber optic cables to send secret information from point A to point B. But there are already more than in the United States, with telecom companies laying more every year. This in-ground fiber is perfectly suitable to support QKD. With this logic NIST seems to be saying that we should have never invested in the infrastructure of the internet.

3. “QKD increases infrastructure costs and insider threat risks.” This myth is based on the assertion that trusted relays should never be trusted. A trusted relay or, more commonly, trusted node is used to repeat the QKD signal after the optical fiber attenuates the signal over the transmission distance. The need for trusted nodes is diminishing rapidly with readily available QKD equipment extending the need for repeating to well beyond 100 km and with new twin-field QKD, transmitting as far as 600km without repeating the signal. Finally, there is a world-wide development effort by the most prestigious universities and research institutes to develop and build quantum repeaters. The time for this innovation is expected to parallel the development of a quantum computer capable of defeating public key cryptography.

4. “Securing and validating quantum key distribution is a significant challenge.” NIST faults QKD not for its quantum theory but for long-ago misfires in its practical application. On this point, consider that QKD was first invented in 1984 by a team that included . A lot has happened in almost 38 years to bring QKD and the equipment it uses into the future. The actual security provided by QKD relies on the laws of physics which mathematical algorithms can never claim.

5. “QKD increases the risk of denial of service.” QKD technology creates an environment that detects an eavesdropper — someone who should not be in the path of the secret communication, automatically stopping the transmission of the secure information. But with survivable, route diverse QKD systems, the keys can be redirected so quickly and randomly that the user will see no performance impact, and the interloper will be shut out from any denial-of-service attempt.

The bottom line is that no one — not our government and certainly not the companies who could become victims of quantum enabled crime — can afford to rebuff any quantum-safe security solution. Europe, Japan and China have robust QKD systems and trials in place. Shouldn’t we be as informed as our international friends and foes?

No security expert would ever suggest using just one system or rely on just one approach to protect its secret data. That single-threaded approach has gotten us the Colonial Pipeline breach and leaves us open to far more serious infrastructure attacks that won’t be solvable by writing a ransom check. A defense-in-depth strategy with completely different failure mechanisms,

deploying more than one kind of encryption can provide the layers of protection that will prove resilient. QKD is an excellent step toward quantum security, relies on an immutable law of physics for its security and is destined to be an integral part of the quantum internet of the future. Isn’t it time to devote a united, serious development effort to QKD in America?